The bare minimum you need to know about web application security testing in 2018

I recently had the opportunity to present my security talk via STP's Community Webinar. I've included some the links to resources that you might find useful:

Stories

• Troy Hunt and the Nissan Leaf (and the Youtube video)
• Apache Struts Vulnerability

Tools

• STRIDE Threat Model
• DREAD Threat Model
• OWASP ZAP
• Dependency Check
• Wireshark
• Microsoft Threat Modelling Tool 2016

Reading

• Full disclosure mailing list
• Krebs on Security
• Schneier on Security
• Troy Hunt
• OWASP testing guide (you can get the PDF version from this wiki)
• Threat Modelling (book)
• Red Team: How to Succeed By Thinking Like the Enemy (book)

Practice

• HackerOne bug bounty program
• xss-game.appspot.com
• Ticket Magpie

Here's a link to the slides too (Slideshare)

Here's the presentation, in all its Youtube glory!